[c-nsp] ARP and less specific interface entries

Rodney Dunn rodunn at cisco.com
Wed Mar 19 23:50:24 EDT 2008 

Frank,

CEF isn't architected to handle overlapping directly connected
subnets. We block most of those configurations from even being allowed.
I know we've missed some permutations before.

It has to do with how the /32 adjfib entries are programmed for the
/32 that maps from the FIB to the arp entry for the ip address.

Rodney

On Tue, Mar 18, 2008 at 11:03:08AM -0500, Frank Bulk wrote:
> I did do that at the time, and the debug said that it was creating an
> "Incomplete" for those IP addresses.
> 
> 41w1d: IP ARP: creating incomplete entry for IP address: 10.1.4.208
> interface FastEthernet0.5
> 41w1d: IP ARP: sent req src 10.1.0.1 0009.4309.3632,
>                  dst 10.1.4.208 0000.0000.0000 FastEthernet0.5
> 41w1d: IP ARP throttled out the ARP Request for 10.1.4.208
> 41w1d: IP ARP: creating incomplete entry for IP address: 10.1.50.201
> interface FastEthernet0.5
> 41w1d: IP ARP: sent req src 10.1.0.1 0009.4309.3632,
>                  dst 10.1.50.201 0000.0000.0000 FastEthernet0.5
> 41w1d: IP ARP: sent req src 10.1.0.1 0009.4309.3632,
>                  dst 10.1.0.51 0000.0000.0000 FastEthernet0.5
> 
> Frank
> 
> -----Original Message-----
> From: Peter Hicks [mailto:peter.hicks at poggs.co.uk] 
> Sent: Tuesday, March 18, 2008 2:14 AM
> To: frnkblk at iname.com
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ARP and less specific interface entries
> 
> 
> Frank Bulk wrote:
> 
> > Why won't overlapping subnets work on an interface? What does that have to
> > do with the router's ability to ARP for an unknown MAC address? It's the
> > clients that are key, right? If they have the right mask and point to the
> > right gateway, the packets should be accepted by the router. And as for
> the
> > router forwarding traffic to the clients, if they're locally connected,
> > whether they are more broadly or narrowly defined as being locally
> > connected, it just needs to ARP?
> 
> Do a "debug arp" - are ARP who-has packets being broadcast for the addresses
> on
> one of the secondary subnets that is causing you a problem?
> 
> Do you see replies coming back?  Are they being rejected?
> 
> 
> Peter
> 
> --
> Peter Hicks | e: my.name at poggs.co.uk | g: 0xE7C839F4 | w: www.poggs.com
> 
>    A: Because it destroys the flow of the conversation
>    Q: Why is top-posting bad?
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list